In recent times organizations have increasingly become victim to attacks on their web services. These attacks are mostly originating from organized crime, often targeted at money fraud. Part of the attacks, often the ones that are large scale and appear in the news headlines, are a preparation step for the fraud, for example by stealing account credentials, credit card details, etc.
Many known fraud schemes make use of “fake” accounts that these criminals create themselves on the service that they sought out for their attack. Fake account creation is usually the first step in many further attacks, so the sooner fake accounts are detected, the less problems appear later when the created accounts are used in fraudulent transactions, spamming, phishing etc. In order to stay invisible to the service/web application, hackers may create accounts from many different machines, typically by using botnets.